Matt McCutchen <matt@xxxxxxxxxxxxxxxxx> writes: >> Yup, and then "do not push to untrustworthy place without checking >> what you are pushing", too? > > If there is no private data in the repository, then there is no need > for the user to check what they are pushing. As I've indicated before, > IMO manually checking each push would not be a workable security > measure in the long term anyway. Then what is? Don't answer; this is a rhetorical question. The answer is "do not push to untrustworthy place", if you are unable to check what you are pushing.